Possible Firefox 3 bug may cause Zimbra problems

I'm currently running Firefox 3 beta 2 on Ubuntu Linux and I've hit a problem fairly regularly that looks like a Firefox bug but might be a Zimbra issue. If it happens often, it could cause serious problems for Zimbra users in future.

When connecting to Zimbra I sometimes get the error sec_error_reused_issuer_and_serial, which is meant to signify that the server has presented a certificate with the same issuer and serial number to another cert. In this case, Firefox 3 will not allow access to the site: no exceptions, access is simply blocked.

It's possible that this is a Zimbra bug. On the Zimbra server in question I followed the standard procedure to create a local certificate which looks fine and other users haven't reported any problems (new cert. created nearly three months ago so there's been time). So it seems to me unlikely to be a Zimbra bug, but possible.

I'm concerned because the behaviour of Firefox is not consistent:
- Rebooting the PC or stopping/starting Firefox is sometimes enough to get me on.
- The error can still occur when I've deleted every certificate from Firefox, so I don't know what Firefox is comparing the certificate to.

I'm still seeing this issue intermittently on Firefox 2 and Firefox 3, but it sounds like no-one else is (or you're keeping very quiet about it :-) ). I guess that's a good sign, but it would be useful for me to know whether this is a general problem or something only I'm seeing.

When connecting to Zimbra I sometimes get the error sec_error_reused_issuer_and_serial, which is meant to signify that the server has presented a certificate with the same issuer and serial number to another cert. In this case, Firefox 3 will not allow access to the site: no exceptions, access is simply blocked.

Just some further info for you. I tried connecting to your url and I get the same message with FF3 but it does allow me to add an exception. Are you using OSCP to verify certificates? I usually find that doesn't work too well and turn it off.

[edit]Sorry, that should have been: I see the (Error code: sec_error_ca_cert_invalid) error.

Thanks for the comments. This morning it allows me to add an exception. On Friday, with no change in certificate at all, it refuses me entry altogether.

Unfortunately, with a bug that's both rare and intermittent, I can imagine the developers could tear their hair out to resolve it but I think it is a Firefox bug. I may also raise it as a Zimbra bug for visibility.

On the days when it doesn't like me, I'm having to boot up Win XP in a Virtual Machine just to get access to IE7 to access the admin console